| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php. |
| elitecms v1.01 is vulnerable to Delete any file via /admin/delete_image.php?file=. |
| Online Ordering System v1.0 by oretnom23 has SQL injection via store/orderpage.php. |
| Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/viewreport.php. |
| Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection via admin/vieworders.php. |
| Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductimage.php. |
| Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductetails.php. |
| In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected. |
| In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected. |
| An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. |
| A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. |
| An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. |
| Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers. |
| Gitea before 1.16.7 does not escape git fetch remote. |
| Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers. |
| Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter. |
| atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter. |
| xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option. |
| Terminalfour versions 8.3.7, 8.3.x versions prior to version 8.3.8 and r 8.2.x versions prior to version 8.2.18.5 or 8.2.18.2.1 are vulnerable to (XSS) vulnerability that could be exploited by an attacker to mislead an administrator and steal their credentials. |
| Calibre-Web before 0.6.18 allows user table SQL Injection. |